cmd/tailscaled, wgengine{,/netstack}: add netstack hybrid mode, add to Windows

For #707 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-11 21:27:31 +00:00 · 2021-04-01 09:35:41 -07:00
parent 1f99f889e1
commit d488678fdc
8 changed files with 220 additions and 33 deletions
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -47,12 +47,13 @@ const debugNetstack = false
 // and implements wgengine.FakeImpl to act as a userspace network
 // stack when Tailscale is running in fake mode.
 type Impl struct {
-	ipstack *stack.Stack
-	linkEP  *channel.Endpoint
-	tundev  *tstun.Wrapper
-	e       wgengine.Engine
-	mc      *magicsock.Conn
-	logf    logger.Logf
+	ipstack     *stack.Stack
+	linkEP      *channel.Endpoint
+	tundev      *tstun.Wrapper
+	e           wgengine.Engine
+	mc          *magicsock.Conn
+	logf        logger.Logf
+	onlySubnets bool // whether we only want to handle subnet relaying

 	mu  sync.Mutex
 	dns DNSMap
@@ -67,7 +68,7 @@ const nicID = 1
 const mtu = 1500

 // Create creates and populates a new Impl.
-func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magicsock.Conn) (*Impl, error) {
+func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magicsock.Conn, onlySubnets bool) (*Impl, error) {
 	if mc == nil {
 		return nil, errors.New("nil magicsock.Conn")
 	}
@@ -116,11 +117,13 @@ func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magi
 		e:                   e,
 		mc:                  mc,
 		connsOpenBySubnetIP: make(map[netaddr.IP]int),
+		onlySubnets:         onlySubnets,
 	}
 	return ns, nil
 }

 // Start sets up all the handlers so netstack can start working. Implements
+
 // wgengine.FakeImpl.
 func (ns *Impl) Start() error {
 	ns.e.AddNetworkMapCallback(ns.updateIPs)
@@ -223,7 +226,15 @@ func (ns *Impl) updateIPs(nm *netmap.NetworkMap) {
 		oldIPs[protocolAddr.AddressWithPrefix] = true
 	}
 	newIPs := make(map[tcpip.AddressWithPrefix]bool)
+
+	isAddr := map[netaddr.IPPrefix]bool{}
+	for _, ipp := range nm.SelfNode.Addresses {
+		isAddr[ipp] = true
+	}
 	for _, ipp := range nm.SelfNode.AllowedIPs {
+		if ns.onlySubnets && isAddr[ipp] {
+			continue
+		}
 		newIPs[ipPrefixToAddressWithPrefix(ipp)] = true
 	}

--- a/wgengine/netstack/subnet_router_wrapper.go
+++ b/wgengine/netstack/subnet_router_wrapper.go
@@ -0,0 +1,36 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package netstack
+
+import (
+	"reflect"
+
+	"tailscale.com/wgengine"
+	"tailscale.com/wgengine/router"
+)
+
+func init() {
+	wgengine.NetstackRouterType = reflect.TypeOf(&subnetRouter{})
+}
+
+type subnetRouter struct {
+	router.Router
+}
+
+// NewSubnetRouterWrapper returns a Router wrapper that prevents the
+// underlying Router r from seeing any advertised subnet routes, as
+// netstack will handle them instead.
+func NewSubnetRouterWrapper(r router.Router) router.Router {
+	return &subnetRouter{
+		Router: r,
+	}
+}
+
+func (r *subnetRouter) Set(c *router.Config) error {
+	if c != nil {
+		c.SubnetRoutes = nil // netstack will handle
+	}
+	return r.Router.Set(c)
+}